H Series: Update the CTERA Edge Filer ESXI Version
  • 12 Apr 2022
  • 5 Minutes to read
  • Dark
    Light
  • PDF

H Series: Update the CTERA Edge Filer ESXI Version

  • Dark
    Light
  • PDF

VMware issues security advisories when necessary and creates patches for the vulnerabilities discovered in the ESXi software. These vulnerabilities impact the H Series CTERA Edge Filers:

For example, 

  • CVE-2020-3992 – ESXi OpenSLP remote code execution vulnerability is assessed as critical to resolve.
  • The following vulnerabilities have been assessed as important:
    • CVE-2020-3981 – TOCTOU out-of-bounds read vulnerability.
    • CVE-2020-3995 – VMCI host driver memory leak vulnerability.
  • CVE-2020-3982 – TOCTOU out-of-bounds write vulnerability is assessed with moderate severity.

For more details about these VMware vulnerabilities and other vulnerabilities within the VMware product line, refer to https://www.vmware.com/security/advisories/VMSA-2020-0023.html.

For more details about Security Vulnerability CVE-2021-44228 (Log4Shell), see see https://nvd.nist.gov/vuln/detail/CVE-2021-44228.

This document describes the procedure to fix these vulnerabilities in your H Series CTERA Edge Filers.

Notes: Contact CTERA support if you have been authorized to manage your CTERA Edge Filer in vCenter, as the procedure is different.
You need an Internet connection to perform the following procedure.
The datastore names and ESXi password used in this document are the default names provided by CTERA with your CTERA Edge Filer. If you changed these names use the changed names where appropriate.

Step-by-step guide

To prepare the environment for the vulnerability upgrade:

  1. If you do not have an SSH client, go to https://www.putty.org/ and download PuTTY to a PC, and then install it on a PC that has access to the CTERA Edge Filer.
  2. Open a web browser. You can use any of the latest two releases of Google Chrome, Apple Safari and Microsoft Edge.
  3. Enter the CTERA Edge Filer's IP address to navigate to the CTERA Edge Filer.
    The browser displays the CTERA Edge Filer Log In page:
  4. Enter the user name and password for accessing the CTERA Edge Filer and click Log In.
  5. In the status bar, click configuration icon and then click Shutdown.
    A confirmation message is displayed.
  6. Click Yes.
    The CTERA Edge Filer shuts down.
  7. Cleanly shut down any other server, such as a print server, you have running on the CTERA Edge Filer.
    Note: If you do not shut each server down via the server software, you can power off the virtual machine in the VMware Host Client.

To prepare the ESXi host for the vulnerability upgrade:

  1. Log in to the VMware Host Client.
    Use a browser on the same network to as the CTERA Edge Filer to access the VMware Host Client.
    The user name is root and the password is CTERA123!.
    The VMware Host Client is displayed, showing the Host details.
  2. Note the version, highlighted in the above screenshot, as you need this to download the correct vulnerability patch from CTERA.
  3. Download to a PC the vulnerability zip for your version of ESXi.
    ESXi version 6.5 - Download https://cti.ctera.com/invitations?share=9a5ba20f1ddbb84c3b76
    ESXi version 6.7 - Download https://cti.ctera.com/invitations?share=36a588924412e151a205
    ESXi version 7.0 - Download https://cti.ctera.com/invitations?share=66bba89495d3eddb9e9a
  4. If you need to power off any other server, such as a print server, in the VMware Host Client, click Virtual Machines in the Navigator and right-click each virtual machine to power off and then click Power > Power off.
  5. In the VMware Host Client, right-click Host in the Navigator and select Enter maintenance mode.
  6. Click Yes to enter maintenance mode.
    The host server graphic changes to show it is in maintenance mode.
  7. Select Host > Manage > Services in the Navigator and right-click TSM and click Start.
  8. Select Host > Manage > Services in the Navigator and right-click TSM-SSH and click Start.
  9. Click Storage in the Navigator.
  10. Right-click the datastore, dependent on you CTERA Edge Filer model, and click Browse:
    HC400, HC400E and HC400T - right-click the CTERAGatewayFirm datastore.
    HC1200 - right-click the CTERAGatewaySSD datastore.
    HC2400M - right-click the CTERAGatewaySD datastore.
    The Datastore browser window is displayed.
  11. Click Create directory.
    The New directory window is displayed.
  12. Enter upgrade for the directory name and click Create directory.
  13. In the Datastore browser window, select the upgrade directory and click Upload in the top right of the Datastore browser window.
  14. Select the zip file you downloaded in step 3 and click Open.

To upgrade the ESXi host with the vulnerability fixes:

  1. Open PuTTY, that you downloaded and installed in step 1 in the first procedure (To prepare the environment for the vulnerability upgrade).
    Note: If you use a different SSH client, open this client. The following steps are based on the PuTTY application.
  2. Enter the IP address in the Host Name (or IP address) field and click Open.
    The IP address is the same IP address you used to access the VMware Host Client.
  3. Login as root and the password is CTERA123!
  4. Run the following command for your version of ESXi, that you noted in step 2  in the procedure To prepare the ESXi host for the vulnerability upgrade.
    HC400, HC400E and HC400T and ESXi 6.5 - run esxcli software profile update -p ESXi-6.5.0-20201104001-standard -d /vmfs/volumes/"CTERAGatewayFirm"/"upgrade"/ESXi650-202011001.zip
    HC400, HC400E and HC400T and ESXi 6.7 - run esxcli software profile update -p ESXi-6.7.0-20201103001-standard -d /vmfs/volumes/"CTERAGatewayFirm"/"upgrade"/ESXi670-202011001.zip
    HC400, HC400E and HC400T and ESXi 7.0 - run esxcli software profile update -p ESXi-7.0U1a-17119627-standard -d /vmfs/volumes/"CTERAGatewayFirm"/"upgrade"/VMware-ESXi-7.0U1a-17119627-depot.zip
    HC1200 and ESXi 6.5 - run esxcli software profile update -p ESXi-6.5.0-20201104001-standard -d /vmfs/volumes/"CTERAGatewaySSD"/"upgrade"/ESXi650-202011001.zip
    HC1200 and ESXi 6.7 - run esxcli software profile update -p ESXi-6.7.0-20201103001-standard -d /vmfs/volumes/"CTERAGatewaySSD"/"upgrade"/ESXi670-202011001.zip
    HC1200 and ESXi 7.0 - run esxcli software profile update -p ESXi-7.0U1a-17119627-standard -d /vmfs/volumes/"CTERAGatewaySSD"/"upgrade"VMware-ESXi-7.0U1a-17119627-depot.zip
    HC2400M and ESXi 6.5 - run esxcli software profile update -p ESXi-6.5.0-20201104001-standard -d /vmfs/volumes/"CTERAGatewaySD"/"upgrade"/ESXi650-202011001.zip
    HC2400M and ESXi 6.7 - run esxcli software profile update -p ESXi-6.7.0-20201103001-standard -d /vmfs/volumes/"CTERAGatewaySD"/"upgrade"/ESXi670-202011001.zip
    HC2400M and ESXi 7.0 - run esxcli software profile update -p ESXi-7.0U1a-17119627-standard -d /vmfs/volumes/"CTERAGatewaySD"/"upgrade"/VMware-ESXi-7.0U1a-17119627-depot.zip
    The command takes a few minutes to complete. 
  5. After the update has completed, run the following command to reboot the ESXi host: reboot.
  6. Wait a few minutes for the ESXi to reboot.

To restart the CTERA Edge Filer and any additional servers:

  1. Log back in to the VMware Host Client.
  2. In the VMware Host Client, right-click Host in the Navigator and select the Exit maintenance mode.The ESXi version is updated with the vulnerability patches.
  3. Clean up your CTERA Edge Filer.
    1. Right-click the datastore, dependent on the CTERA Edge Filer model, and click Browse:
      HC400, HC400E and HC400T - right-click the CTERAGatewayFirm datastore.
      HC1200 - right-click the CTERAGatewaySSD datastore.
      HC2400M - right-click the CTERAGatewaySD datastore.
      The Datastore browser window is displayed.
    2. Select to the upgrade directory you created in steps 11 and 12 in the procedure To prepare the ESXi host for the vulnerability upgrade.
    3. Right-click the zip file in the directory and click Delete.
      A Confirm delete window is displayed.
    4. Click Delete to confirm the delete.
      Note: Ignore any error that is displayed.
  4. In the VMware Host Client click Virtual Machines in the Navigator and right-click the CTERA Edge Filer virtual machine and click Power > Power on.
  5. If you have additional virtual machines, such as a print server, that were not automatically started when you rebooted ESXi, in the VMware Host Client click Virtual Machines in the Navigator and right-click each virtual machine to power on and then click Power > Power on.

Security Vulnerability CVE-2021-44228 (Log4Shell)

Vulnerability Remediation


Was this article helpful?